Skills
NYC
skills/duc01226/easyplatform/markdown-to-docx/Gen Agent Trust Hub

markdown-to-docx

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High risk of indirect prompt injection. The skill processes external markdown content which can contain instructions to manipulate the agent.
    • Ingestion points: The markdown file path provided to scripts/convert.cjs as defined in SKILL.md.
    • Boundary markers: None identified; the skill does not use delimiters to isolate untrusted content.
    • Capability inventory: The skill can write files to disk (.docx) and potentially make network requests to fetch images as mentioned in the Troubleshooting section.
    • Sanitization: No sanitization or filtering logic is mentioned for the markdown content.
  • [PROMPT_INJECTION] (LOW): The SKILL.md file contains 'IMPORTANT Task Planning Notes' which attempt to override the agent's general reasoning process with specific behavioral instructions.
  • [COMMAND_EXECUTION] (MEDIUM): The installation process requires running npm install, and the skill executes local scripts via node. This provides a vector for command injection if the agent is tricked into passing malicious arguments.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The package.json file specifies the markdown-docx dependency. This is a community-maintained package and not from a verified trusted source, which could lead to supply chain attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:39 PM